Websites get compromised, and site owners worry that they have been infected with Trojans. I therefore wanted to write my own script to search for the trojan files.
Ideas
You need to prepare a clean (uninfected) copy of the source code and the possibly infected copy, and then run the following script to find out which files are infected with Trojans.
The script filters out the files that may be infected by comparing the MD5 values of the two copies of each file (strictly speaking, what it finds are the modified files).
Python script
# coding: UTF-8
__author__ = 'flying'
# Date: 2014.6.5
# Check for modified files
import os, hashlib, datetime

global_DirOld = ""
global_DirNew = ""
global_FilesList = []

# Prompt for the two directory paths
def InputDirPath():
    global global_DirOld, global_DirNew
    global_DirOld = input("Enter the directory where the backup file is located: ")
    while not os.path.exists(global_DirOld):
        print("The specified path does not exist. Please enter it again.")
        global_DirOld = input("Enter the directory where the backup file is located: ")
    global_DirNew = input("Enter the directory of the file to be checked: ")
    while not os.path.exists(global_DirNew):
        print("The specified path does not exist. Please enter it again.")
        global_DirNew = input("Enter the directory of the file to be checked: ")

# Append a line to the result file
def SaveToFile(filePath, content):
    try:
        with open(filePath, "a+", encoding="UTF-8") as f:
            f.write(content + "\n")
    except Exception as ex:
        print("Error: " + str(ex))

# Calculate the MD5 value of a file
def CalcMD5(filepath):
    try:
        # Open the file in binary mode
        with open(filepath, 'rb') as f:
            md5obj = hashlib.md5()
            md5obj.update(f.read())
            return md5obj.hexdigest()
    except Exception as ex:
        print("Error: " + str(ex))
        return None

# Traverse all files in the directory to be checked
def GetAllSubFiles():
    global global_FilesList
    for dir in os.walk(global_DirNew):
        for file in dir[2]:
            filePath = os.path.join(dir[0], file)
            # Store the path relative to the checked directory
            global_FilesList.append(os.path.relpath(filePath, global_DirNew))

# List newly added files and changed files
def ListChangedFiles():
    global global_DirOld, global_DirNew, global_FilesList
    print("Changed or added files:")
    for file in global_FilesList:
        filePathOld = os.path.join(global_DirOld, file)
        filePathNew = os.path.join(global_DirNew, file)
        # A file is reported if it has no counterpart in the backup or its MD5 differs
        if not os.path.exists(filePathOld) or CalcMD5(filePathOld) != CalcMD5(filePathNew):
            content = "[" + datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S') + "]" + filePathNew
            print(content)
            SaveToFile("ChangedFiles.txt", content)

if __name__ == "__main__":
    InputDirPath()
    GetAllSubFiles()
    ListChangedFiles()
Script Execution result
Author: was a civil engineer
Original address: http://www.cnblogs.com/hongfei/p/3769774.html
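The comparison described under Ideas, as an added example in Python 3 (not the original author's script): it goes beyond the script above by also reporting files that exist in the clean copy but are missing from the checked copy, reads files in chunks, and uses SHA-256 in place of MD5. The function names and the two small trees built in demo() are constructed for illustration.

```python
import hashlib
import os
import tempfile

def file_digest(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map each regular file's path (relative to root) to its digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links out of the tree
            digests[os.path.relpath(full, root)] = file_digest(full)
    return digests

def compare_trees(clean_dir, suspect_dir):
    """Classify differences between a clean copy and a suspect copy."""
    clean, suspect = snapshot(clean_dir), snapshot(suspect_dir)
    return {
        "added": sorted(set(suspect) - set(clean)),
        "removed": sorted(set(clean) - set(suspect)),
        "modified": sorted(p for p in clean.keys() & suspect.keys()
                           if clean[p] != suspect[p]),
    }

def demo():
    """Build two small constructed trees and compare them."""
    def write(root, rel, data):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as suspect:
        for root in (clean, suspect):
            write(root, "index.php", b"<?php echo 'home'; ?>")
            write(root, os.path.join("inc", "db.php"), b"<?php /* db */ ?>")
        write(clean, "robots.txt", b"User-agent: *\n")  # missing from suspect
        write(suspect, "index.php", b"<?php echo 'home'; /* changed */ ?>")
        write(suspect, os.path.join("upload", "x.php"), b"<?php /* unexpected */ ?>")
        return compare_trees(clean, suspect)

if __name__ == "__main__":
    print(demo())
```

A file listed under "removed" or "added" has no counterpart to hash, so it needs manual review rather than a digest comparison.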